Coverity has flagged this code from r226033 "[FTL] NewArrayBuffer should be sinked if it is only used for spreading" in ArgumentsEliminationPhase::eliminateCandidatesThatEscape as a likely copy/paste error:

    case LoadVarargs:
        if (node->loadVarargsData()->offset && (node->child1()->op() == NewArrayWithSpread || node->child1()->op() == Spread || node->child1()->op() == NewArrayBuffer))
            escape(node->child1(), node);
        break;

    case CallVarargs:
    case ConstructVarargs:
    case TailCallVarargs:
    case TailCallVarargsInlinedCaller:
        escape(node->child1(), node);
        escape(node->child2(), node);
        if (node->callVarargsData()->firstVarArgOffset && (node->child3()->op() == NewArrayWithSpread || node->child3()->op() == Spread || node->child1()->op() == NewArrayBuffer)) // <-- likely error here
            escape(node->child3(), node);
        break;

It looks like this was probably supposed to be node->child3()->op() == NewArrayBuffer, but I don't pretend to understand anything under Source/JavaScriptCore. Yusuke should look at it.
Yeah, I think Coverity is right!
<rdar://problem/55507104>